/etc/bind.keys in a chrooted environment

Josef Moellers jmoellers at suse.de
Wed Jul 22 14:51:57 UTC 2020

On 22.07.20 16:41, Anand Buddhdev wrote:
> On 22/07/2020 15:30, Josef Moellers wrote:
>>> Or just ignore the warning, and let BIND use its built-in keys.
>> If /etc/bind.keys contains some additional keys, this will not work ;-)
> Sure, but what additional keys do you expect this file to contain? Are
> you serving an alternate signed root zone?

I'm not really sure what the partner wants to add, I have the slight
feeling that the remark about manually added keys was made by a third
person assuming ...

It turns out that it is mainly the warning the partner is irritade about.

So, let me put the question the other way round: what would happen if we
*always* copied /etc/bind.keys to the chroot environment? If there would
be no harm, I could easily add that to eg /etc/init.d/named or the
systemd service file. But the question now is: does it do any harm?


SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg

(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer

More information about the bind-users mailing list